Admin works well enough to update the site settings at least; removed a bunch of duplicate code.

Floorb 2021-07-10 16:51:15 -04:00
parent a6f63b6781
commit e95238ed17
6 changed files with 159 additions and 391 deletions


@ -14,77 +14,13 @@
*/ */
// PHP <5.5 compatibility // PHP <5.5 compatibility
require_once('../includes/password.php'); require_once('../includes/password.php');
define('IN_ADMIN', 1);
require_once('common.php');
session_start(); $query = $conn->query('SELECT user FROM admin LIMIT 1');
$adminid = $query->fetch()['user'];
if (isset($_SESSION['login'])) {
// Do nothing
} else {
header("Location: .");
exit();
}
if (isset($_GET['logout'])) {
if (isset($_SESSION['login']))
unset($_SESSION['login']);
session_destroy();
header("Location: .");
exit();
}
$date = date('jS F Y');
$ip = $_SERVER['REMOTE_ADDR'];
require_once('../config.php');
$conn = new PDO(
"mysql:host=$db_host;dbname=$db_schema;charset=utf8",
$db_user,
$db_pass,
$db_opts
);
$query = "SELECT @last_id := MAX(id) FROM admin_history";
$query = $conn->query('SELECT @last_id := MAX(id) FROM admin_history');
while ($row = $query->fetch()) {
$last_id = $row['@last_id := MAX(id)'];
}
$query = $conn->prepare('SELECT ip, last_date FROM admin_history WHERE id = ?');
$query->execute([$last_id]);
while ($row = $query->fetch()) {
$last_date = $row['last_date'];
$last_ip = $row['ip'];
}
/* This seems to take the same path in both cases and be overly convoluted, so I rewrote it below but kept this in case I
* am missing something...
if ($last_ip == $ip) {
if ($last_date == $date) {
} else {
$query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
mysqli_query($con, $query);
}
} else {
$query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
mysqli_query($con, $query);
}*/
if ($last_ip !== $ip || $last_date !== $date) {
$conn->prepare('INSERT INTO admin_history (ip, last_date) VALUES (?, ?)')->execute([$date, $ip]);
}
$query = $conn->query('SELECT user, pass FROM admin');
while ($row = $query->fetch()) {
$adminid = Trim($row['user']);
$password = Trim($row['pass']);
}
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
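Review bot: `$adminid = $query->fetch()['user'];` indexes the result of `fetch()` without checking it, and `PDOStatement::fetch()` returns false when the admin table has no row, so an empty table yields a warning and a null `$adminid` rather than a clear failure. Fetching into a variable first makes the empty case explicit: `$row = $query->fetch(); $adminid = $row ? trim($row['user']) : null;` (the removed code also trimmed the value). Within this hunk the new side shows no `updateAdminHistory($conn)` call, unlike the other admin pages touched by this commit; if that is deliberate a one-line comment would help, otherwise visits to this page are no longer recorded in admin_history.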

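--- /dev/null
+++ b/admin/common.php
@@ -0,0 +1,49 @@
+<?php
+if (!defined('IN_ADMIN')) {
+die();
+}
+require_once('../config.php');
+function updateAdminHistory($conn) {
+$last_date = null;
+$last_ip = null;
+$ip = $_SERVER['REMOTE_ADDR'];
+$date = date('jS F Y');
+$query = $conn->query('SELECT ip, last_date FROM admin_history ORDER BY ID DESC LIMIT 1');
+if ($row = $query->fetch()) {
+$last_date = $row['last_date'];
+$last_ip = $row['ip'];
+}
+if ($last_ip !== $ip || $last_date !== $date) {
+$conn->prepare('INSERT INTO admin_history (ip, last_date) VALUES (?, ?)')->execute([$date, $ip]);
+}
+}
+session_start();
+if (!isset($_SESSION['login'])) {
+header('Location: .');
+exit();
+}
+if (isset($_GET['logout'])) {
+if (isset($_SESSION['login']))
+unset($_SESSION['login']);
+session_destroy();
+header("Location: .");
+exit();
+}
+$conn = new PDO(
+"mysql:host=$db_host;dbname=$db_schema;charset=utf8",
+$db_user,
+$db_pass,
+$db_opts
+);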
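Review bot: In `updateAdminHistory()` the INSERT names its columns `(ip, last_date)` but binds `[$date, $ip]`, so the date string is stored in `ip` and the client address in `last_date`. Besides corrupting the admin access log, the next request reads those swapped values back, the `$last_ip !== $ip || $last_date !== $date` test will then normally always be true, and a new row is written on every admin page load. Binding in column order fixes both: `->execute([$ip, $date]);`. Separately, the logout branch acts on a bare `?logout` GET parameter with no token, so it is not protected against cross-site requests; consider requiring a POST carrying a session-bound token.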


@ -12,67 +12,14 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License in GPL.txt for more details. * GNU General Public License in GPL.txt for more details.
*/ */
session_start(); define('IN_ADMIN', 1);
require_once('common.php');
if (isset($_SESSION['login'])) { updateAdminHistory($conn);
// Do nothing
} else {
header("Location: .");
exit();
}
if (isset($_GET['logout'])) { $query = $conn->query('SELECT * FROM site_info');
if (isset($_SESSION['login']))
unset($_SESSION['login']);
session_destroy();
header("Location: .");
exit();
}
$date = date('jS F Y'); if ($row = $query->fetch()) {
$ip = $_SERVER['REMOTE_ADDR'];
require_once('../config.php');
$con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
if (mysqli_connect_errno()) {
$sql_error = mysqli_connect_error();
die("Unable connect to database");
}
$query = "SELECT @last_id := MAX(id) FROM admin_history";
$result = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($result)) {
$last_id = $row['@last_id := MAX(id)'];
}
$query = "SELECT * FROM admin_history WHERE id=" . Trim($last_id);
$result = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($result)) {
$last_date = $row['last_date'];
$last_ip = $row['ip'];
}
if ($last_ip == $ip) {
if ($last_date == $date) {
} else {
$query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
mysqli_query($con, $query);
}
} else {
$query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
mysqli_query($con, $query);
}
$query = "SELECT * FROM site_info";
$result = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($result)) {
$title = Trim($row['title']); $title = Trim($row['title']);
$des = Trim($row['des']); $des = Trim($row['des']);
$baseurl = Trim($row['baseurl']); $baseurl = Trim($row['baseurl']);
@ -85,10 +32,11 @@ while ($row = mysqli_fetch_array($result)) {
$ga = Trim($row['ga']); $ga = Trim($row['ga']);
$additional_scripts = Trim($row['additional_scripts']); $additional_scripts = Trim($row['additional_scripts']);
} }
$query = "SELECT * FROM captcha WHERE id='1'";
$result = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($result)) { $query = "SELECT * FROM captcha WHERE id = '1'";
$result = $conn->query('SELECT * FROM captcha WHERE id = 1');
if ($row = $result->fetch()) {
$cap_e = $row['cap_e']; $cap_e = $row['cap_e'];
$mode = $row['mode']; $mode = $row['mode'];
$mul = $row['mul']; $mul = $row['mul'];
@ -98,18 +46,16 @@ while ($row = mysqli_fetch_array($result)) {
$recaptcha_secretkey = $row['recaptcha_secretkey']; $recaptcha_secretkey = $row['recaptcha_secretkey'];
} }
$query = "SELECT * FROM site_permissions WHERE id='1'"; $result = $conn->query("SELECT * FROM site_permissions WHERE id='1'");
$result = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($result)) { if ($row = $result->fetch()) {
$disableguest = Trim($row['disableguest']); $disableguest = Trim($row['disableguest']);
$siteprivate = Trim($row['siteprivate']); $siteprivate = Trim($row['siteprivate']);
} }
$query = "SELECT * FROM mail WHERE id='1'"; $result = $conn->query("SELECT * FROM mail WHERE id='1'");
$result = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($result)) { if ($row = $result->fetch()) {
$verification = Trim($row['verification']); $verification = Trim($row['verification']);
$smtp_host = Trim($row['smtp_host']); $smtp_host = Trim($row['smtp_host']);
$smtp_username = Trim($row['smtp_username']); $smtp_username = Trim($row['smtp_username']);
@ -119,6 +65,85 @@ while ($row = mysqli_fetch_array($result)) {
$auth = Trim($row['auth']); $auth = Trim($row['auth']);
$socket = Trim($row['socket']); $socket = Trim($row['socket']);
} }
/* Update the configuration if necessary */
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['manage'])) {
$query = $conn->prepare(
'UPDATE site_info SET title = ?, des = ?, baseurl = ?, keyword = ?, site_name = ?, email = ?, twit = ?, face = ?, gplus = ?, ga = ?, additional_scripts = ? WHERE id = 1'
);
$query->execute([
trim($_POST['title']),
trim($_POST['des']),
trim($_POST['baseurl']),
trim($_POST['keyword']),
trim($_POST['site_name']),
trim($_POST['email']),
trim($_POST['twit']),
trim($_POST['face']),
trim($_POST['gplus']),
trim($_POST['ga']),
trim($_POST['additional_scripts'])
]);
$msg = '<div class="paste-alert alert3" style="text-align: center;">
Configuration saved
</div>';
}
if (isset($_POST['cap'])) {
$query = $conn->prepare(
'UPDATE captcha SET cap_e = ?, mode = ?, mul = ?, allowed = ?, color = ?, recaptcha_sitekey = ?, recaptcha_secretkey = ? WHERE id = 1'
);
$query->execute([
trim($_POST['cap_e']),
trim($_POST['mode']),
trim($_POST['mul']),
trim($_POST['allowed']),
trim($_POST['color']),
trim($_POST['recaptcha_sitekey']),
trim($_POST['recaptcha_secretkey'])
]);
$msg = '<div class="paste-alert alert3" style="text-align: center;">
Captcha settings saved
</div>';
}
if (isset($_POST['permissions'])) {
$query = $conn->prepare('UPDATE site_permissions SET disableguest = ?, siteprivate = ? WHERE id = 1');
$query->execute([
trim($_POST['disableguest']),
trim($_POST['siteprivate'])
]);
$msg = '<div class="paste-alert alert3" style="text-align: center;">
Site permissions saved.
</div>';
}
}
if (isset($_POST['smtp_code'])) {
$query = $conn->prepare(
'UPDATE mail SET verification = ?, smtp_host = ?, smtp_port = ?, smtp_username = ?, smtp_password = ?, socket = ?, protocol = ?, auth = ? WHERE id = 1'
);
$query->execute([
trim($_POST['verification']),
trim($_POST['smtp_host']),
trim($_POST['smtp_port']),
trim($_POST['smtp_user']),
trim($_POST['socket']),
trim($_POST['auth']),
trim($_POST['protocol'])
]);
$msg = '
<div class="paste-alert alert3" style="text-align: center;">
Mail settings updated
</div>';
}
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
@ -165,104 +190,7 @@ while ($row = mysqli_fetch_array($result)) {
<div class="col-md-12"> <div class="col-md-12">
<div class="panel panel-widget"> <div class="panel panel-widget">
<div class="panel-body"> <div class="panel-body">
<?php <?php if (isset($msg)) echo $msg; ?>
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['manage'])) {
$site_name = mysqli_real_escape_string( $con, Trim($_POST['site_name']) );
$title = mysqli_real_escape_string( $con, Trim($_POST['title']) );
$baseurl = mysqli_real_escape_string( $con, Trim($_POST['baseurl']) );
$des = mysqli_real_escape_string( $con, Trim($_POST['des']) );
$keyword = htmlentities(Trim($_POST['keyword']));
$email = mysqli_real_escape_string( $con, Trim($_POST['email']) );
$twit = htmlentities(Trim($_POST['twit']));
$face = htmlentities(Trim($_POST['face']));
$gplus = htmlentities(Trim($_POST['gplus']));
$ga = htmlentities(Trim($_POST['ga']));
$additional_scripts = mysqli_real_escape_string( $con, $_POST['additional_scripts'] );
$query = "UPDATE site_info SET title='$title', des='$des', baseurl='$baseurl', keyword='$keyword', site_name='$site_name', email='$email', twit='$twit', face='$face', gplus='$gplus', ga='$ga', additional_scripts='$additional_scripts' WHERE id='1'";
mysqli_query($con, $query);
if (mysqli_errno($con)) {
$msg = '<div class="paste-alert alert6" style="text-align: center;">
' . mysqli_error($con) . '
</div>';
} else {
$msg = '<div class="paste-alert alert3" style="text-align: center;">
Configuration saved
</div>';
}
}
if (isset($_POST['cap'])) {
$cap_e = Trim($_POST['cap_e']);
$mode = Trim($_POST['mode']);
$mul = Trim($_POST['mul']);
$allowed = Trim($_POST['allowed']);
$color = Trim($_POST['color']);
$recaptcha_sitekey = Trim($_POST['recaptcha_sitekey']);
$recaptcha_secretkey = Trim($_POST['recaptcha_secretkey']);
$query = "UPDATE captcha SET cap_e='$cap_e', mode='$mode', mul='$mul', allowed='$allowed', color='$color', recaptcha_sitekey='$recaptcha_sitekey', recaptcha_secretkey='$recaptcha_secretkey' WHERE id='1'";
mysqli_query($con, $query);
if (mysqli_errno($con)) {
$msg = '<div class="paste-alert alert6" style="text-align: center;">
' . mysqli_error($con) . '
</div>';
} else {
$msg = '<div class="paste-alert alert3" style="text-align: center;">
Captcha settings saved
</div>';
}
}
if (isset($_POST['permissions'])) {
$disableguest = Trim($_POST['disableguest']);
$siteprivate = Trim($_POST['siteprivate']);
$query = "UPDATE site_permissions SET disableguest='$disableguest', siteprivate='$siteprivate' WHERE id='1'";
mysqli_query($con, $query);
if (mysqli_errno($con)) {
$msg = '<div class="paste-alert alert6" style="text-align: center;">
' . mysqli_error($con) . '
</div>';
} else {
$msg = '<div class="paste-alert alert3" style="text-align: center;">
Site permissions saved.
</div>';
}
}
}
if (isset($_POST['smtp_code'])) {
$verification = Trim($_POST['verification']);
$smtp_host = Trim($_POST['smtp_host']);
$smtp_port = Trim($_POST['smtp_port']);
$smtp_username = Trim($_POST['smtp_user']);
$smtp_password = Trim($_POST['smtp_pass']);
$socket = Trim($_POST['socket']);
$auth = Trim($_POST['auth']);
$protocol = Trim($_POST['protocol']);
$query = "UPDATE mail SET verification='$verification', smtp_host='$smtp_host', smtp_port='$smtp_port', smtp_username='$smtp_username', smtp_password='$smtp_password', socket='$socket', protocol='$protocol', auth='$auth' WHERE id='1'";
mysqli_query($con, $query);
if (mysqli_errno($con)) {
$msg = '<div class="paste-alert alert6" style="text-align: center;">
' . mysqli_error($con) . '
</div>';
} else {
$msg = '
<div class="paste-alert alert3" style="text-align: center;">
Mail settings updated
</div>';
}
}
if (isset($msg)) echo $msg;
?>
<div role="tabpanel"> <div role="tabpanel">
<!-- Nav tabs --> <!-- Nav tabs -->
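Review bot: The `UPDATE mail` statement in the `smtp_code` handler has eight placeholders but `execute()` receives seven values: `smtp_password` has no bound value (the removed code read `$_POST['smtp_pass']`), and `auth`/`protocol` are bound in the opposite order to the `socket = ?, protocol = ?, auth = ?` columns. PDO rejects a statement whose bound-value count does not match its placeholders, so mail settings cannot be saved as written; the tail of the array should read `trim($_POST['smtp_user']), trim($_POST['smtp_pass']), trim($_POST['socket']), trim($_POST['protocol']), trim($_POST['auth'])`. All four handlers also set the success `$msg` without checking the result of `execute()`, so unless `$db_opts` enables exception mode (not visible here) a failed update is reported as saved. Finally, neither these handlers nor the admin/common.php added in this commit verify an anti-CSRF token before writing settings such as `additional_scripts` and the SMTP credentials; a per-session token compared with `hash_equals()` before the first UPDATE would close that gap.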


@ -13,57 +13,15 @@
* GNU General Public License in GPL.txt for more details. * GNU General Public License in GPL.txt for more details.
*/ */
session_start(); define('IN_ADMIN', 1);
require_once('common.php');
if (!isset($_SESSION['login'])) {
header('Location: .');
exit();
}
if (isset($_GET['logout'])) {
if (isset($_SESSION['login']))
unset($_SESSION['login']);
session_destroy();
header("Location: .");
exit();
}
$today_users_count = 0; $today_users_count = 0;
$today_pastes_count = 0; $today_pastes_count = 0;
$date = date('jS F Y');
$ip = $_SERVER['REMOTE_ADDR'];
require_once('../config.php');
require_once('../includes/functions.php'); require_once('../includes/functions.php');
$conn = new PDO( updateAdminHistory($conn);
"mysql:host=$db_host;dbname=$db_schema;charset=utf8",
$db_user,
$db_pass,
$db_opts
);
$query = $conn->query('SELECT @last_id := MAX(id) FROM admin_history');
while ($row = $query->fetch()) {
$last_id = $row['@last_id := MAX(id)'];
}
$query = $conn->prepare('SELECT ip, last_date FROM admin_history WHERE id = ?');
$query->execute([$last_id]);
while ($row = $query->fetch()) {
$last_date = $row['last_date'];
$last_ip = $row['ip'];
}
if ($last_ip !== $ip || $last_date !== $date) {
$conn->prepare('INSERT INTO admin_history (ip, last_date) VALUES (?, ?)')->execute([$date, $ip]);
}
$query = $conn->query("SELECT @last_id := MAX(id) FROM page_view"); $query = $conn->query("SELECT @last_id := MAX(id) FROM page_view");
$row = $query->fetch(PDO::FETCH_NUM); $row = $query->fetch(PDO::FETCH_NUM);


@ -12,61 +12,11 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License in GPL.txt for more details. * GNU General Public License in GPL.txt for more details.
*/ */
session_start(); define('IN_ADMIN', 1);
require_once('common.php');
if (isset($_SESSION['login'])) { updateAdminHistory($conn);
// Do nothing
} else {
header("Location: .");
exit();
}
if (isset($_GET['logout'])) {
if (isset($_SESSION['login']))
unset($_SESSION['login']);
session_destroy();
header("Location: .");
exit();
}
$date = date('jS F Y');
$ip = $_SERVER['REMOTE_ADDR'];
require_once('../config.php');
$con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
if (mysqli_connect_errno()) {
$sql_error = mysqli_connect_error();
die("Unable connect to database");
}
$query = "SELECT @last_id := MAX(id) FROM admin_history";
$result = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($result)) {
$last_id = $row['@last_id := MAX(id)'];
}
$query = "SELECT * FROM admin_history WHERE id=" . Trim($last_id);
$result = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($result)) {
$last_date = $row['last_date'];
$last_ip = $row['ip'];
}
if ($last_ip == $ip) {
if ($last_date == $date) {
} else {
$query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
mysqli_query($con, $query);
}
} else {
$query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
mysqli_query($con, $query);
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST{'editme'})) { if (isset($_POST{'editme'})) {
$edit_me_id = htmlentities(Trim($_POST['editme'])); $edit_me_id = htmlentities(Trim($_POST['editme']));
@ -167,7 +117,7 @@ if (isset($_GET{'edit'})) {
<br /> <br />
<?php <?php
if (isset($_GET{'edit'})) { if (isset($_GET{'edit'})) {
echo '<input type="hidden" value=' . $_GET{'edit'} . 'id="editme" name="editme" />'; echo '<input type="hidden" value=' . $_GET['edit'] . 'id="editme" name="editme" />';
} }
?> ?>
<div class='control-group'> <div class='control-group'>
@ -221,8 +171,8 @@ if (isset($_GET{'edit'})) {
if (isset($_GET{'page'})) { // Get the current page if (isset($_GET['page'])) { // Get the current page
$page = $_GET{'page'} + 1; $page = $_GET['page'] + 1;
$offset = $rec_limit * $page; $offset = $rec_limit * $page;
} else { } else {
// Show first set of results // Show first set of results
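Review bot: The rewritten `echo '<input type="hidden" value=' . $_GET['edit'] . 'id="editme" name="editme" />';` still writes the `edit` query parameter into the page unescaped and unquoted, which is a reflected-XSS sink, and the missing space before `id=` fuses the value with the next attribute. Quote and encode it: `echo '<input type="hidden" value="' . htmlspecialchars($_GET['edit'], ENT_QUOTES, 'UTF-8') . '" id="editme" name="editme" />';`. In the last hunk `$_GET['page'] + 1` does arithmetic on a raw request string; casting with `(int)` and rejecting negative values keeps `$offset` a sane integer (the `else` branch of that check continues past the hunk). The unchanged context lines `isset($_POST{'editme'})` and `isset($_GET{'edit'})` still use curly-brace offsets, which PHP 8 no longer accepts, so they are worth converting in the same pass.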


@ -12,63 +12,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License in GPL.txt for more details. * GNU General Public License in GPL.txt for more details.
*/ */
session_start(); define('IN_ADMIN', 1);
require_once('common.php');
if (isset($_SESSION['login'])) {
// Do nothing
} else {
header("Location: .");
exit();
}
if (isset($_GET['logout'])) {
if (isset($_SESSION['login']))
unset($_SESSION['login']);
session_destroy();
header("Location: .");
exit();
}
$date = date('jS F Y');
$ip = $_SERVER['REMOTE_ADDR'];
require_once('../config.php');
$con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
if (mysqli_connect_errno()) {
$sql_error = mysqli_connect_error();
die("Unable connect to database");
}
$query = "SELECT @last_id := MAX(id) FROM admin_history";
$result = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($result)) {
$last_id = $row['@last_id := MAX(id)'];
}
$query = "SELECT * FROM admin_history WHERE id=" . Trim($last_id);
$result = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($result)) {
$last_date = $row['last_date'];
$last_ip = $row['ip'];
}
if ($last_ip == $ip) {
if ($last_date == $date) {
} else {
$query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
mysqli_query($con, $query);
}
} else {
$query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
mysqli_query($con, $query);
}
updateAdminHistory($conn);
?> ?>
<!DOCTYPE html> <!DOCTYPE html>